[ QUOTE ]
teddy, I've read these threads for the past several days and I'm posting for the first time. I work as an internet security consultant. I also play quite a bit of poker online, but not at Absolute. From what I've seen so far, this smells of an inside job. This seems eerily similar to the Breeders' Cup scandal of 2002: http://espn.go.com/horse/news/2002/1120/1463562.html

The problem here almost certainly is a rogue inside guy with intimate knowledge of the backend server software and access to hole card data in real time. How someone is able to get that information during a live hand could only be done through multiple failures at different levels at Absolute.

From a software design standpoint, any poker site should go to great lengths to ensure that the hole card data can only be seen by the person playing the hand. There should be no feature on the server software to allow any human to view hole cards until the hand is over. After the hand is over, it can be written to the HH logs. There is simply no reason to have any "superuser" account in production that can see other hole cards, nor should there be any way for even the administrators of the servers or the software to even view this information. However, all the evidence provided here so far indicates that there is some back door like this at Absolute that has been used in production.

It seems clear to me that there is likely a breakdown here in the Absolute organization where software security controls were not followed. Usually this happens when organizations get sloppy. Is it a coincidence that many of the hand history files are corrupt when coming from Absolute? Is it a coincidence that the security team has trouble figuring out if two players even played together? I think not.

From the information available so far, it seems that management is not intentionally trying to use "god mode" to steal money at high stakes tables. That would be crazy. But, there are probably one or two inside guys that know more about the system than anyone else that they should be looking at. From your synopsis of their security department, this might take some time for them to figure out what really happened. This is especially true since the people that actually used the information had no clue how to hide their tracks.
[/ QUOTE ]

Great post K9. What do you think of the possibility of some kind of network sniffer onsite or near the site, and then broken encryption in the hole-card data going to the clients? I mean hole cards are such a tiny bit of data, if you don't purposely add a bunch of random noise. Maybe they just watched the line long enough to figure out the encrypted signature of every different combination of hole cards. Maybe the inside dudes actually work at Absolute's Costa Rican ISP. Hmmmm....
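The "tiny bit of data" concern in the reply above, as an added example that is not part of the original posts and is not Absolute's code: a check a reviewer could run to see whether a hole-card message format repeats on the wire when no per-message randomness is used. The cipher here is a toy stand-in built from HMAC-SHA256, and all function names, the key and the traffic are constructed for illustration.

```python
import hashlib
import hmac
import itertools
import os

RANKS, SUITS = "23456789TJQKA", "cdhs"
DECK = [r + s for r in RANKS for s in SUITS]
# Every two-card starting hand: C(52, 2) = 1326 possible plaintexts.
HOLE_CARDS = ["".join(pair) for pair in itertools.combinations(DECK, 2)]


def toy_encrypt(key: bytes, hand: str, nonce: bytes = b"") -> bytes:
    """Toy stream cipher (assumption, stand-in for the site's unknown scheme):
    keystream = HMAC-SHA256(key, nonce), XORed over the 4-byte hand."""
    data = hand.encode()
    stream = hmac.new(key, nonce, hashlib.sha256).digest()[: len(data)]
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def send_deterministic(key: bytes, hand: str) -> bytes:
    # No per-message randomness: the same hand always yields the same bytes.
    return toy_encrypt(key, hand)


def send_randomized(key: bytes, hand: str) -> bytes:
    # Fresh 96-bit nonce per message, sent alongside the ciphertext.
    return toy_encrypt(key, hand, os.urandom(12))


def distinct_ciphertexts(send, key: bytes, deals: list) -> int:
    """Audit metric: how many different wire messages appear for these deals."""
    return len({send(key, hand) for hand in deals})


def repeats_on_wire(send, key: bytes, hand: str = "KsAs") -> bool:
    """True if dealing the same hand twice produces identical bytes."""
    return send(key, hand) == send(key, hand)


if __name__ == "__main__":
    key = os.urandom(32)      # constructed session key
    deals = HOLE_CARDS * 3    # constructed traffic: each hand dealt 3 times
    print(len(deals), "messages")
    print("deterministic:", distinct_ciphertexts(send_deterministic, key, deals))
    print("randomized:   ", distinct_ciphertexts(send_randomized, key, deals))
```

With the deterministic sender the 3978 constructed messages collapse to 1326 distinct values, one per hand, which is the repetition the reply worries about; with a fresh nonce per message every message is different.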